Expand Configuration and Management Manual (G06.24+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

521

522

523

524

525

526

527

528

529

530

Managing the Network

Expand Configuration and Management Manual—523347-008

19-9

Remote Process Security

The following command removes all of the user’s remote passwords:

remotepassword

•

Request-access passwords and allow-access passwords can be specified at any

time. Remote access is permitted as soon as both remote passwords are defined

(provided they match).

•

Remote passwords are independent of local passwords. In the preceding example,

ADMIN.BILL could prevent unauthorized persons from logging on as ADMIN.BILL

by entering the following command with password LOCBILL at either system:

password locbill

Remote Process Security

The following security considerations apply to remote processes:

•

With respect to a specific node, each process in the network is either local or

remote. A process is remote to a node if it has the following characteristics:

•

The process is running on a remote node.

•

The process’ creator is on a remote node.

•

The process’ creator is node.

Therefore, a process that is running on a node can be remote with respect to that

node. These restrictions prevent a remote process from creating another process

to access a file whose security specifies local access only.

•

A remote process cannot suspend nor activate a local process. A remote process

cannot stop a local process, unless the stop mode of the local process is 0 (which

allows anyone to stop it).

•

A remote process cannot put a local process in a debug state.

Remote TACL Processes

Openers of a file are either local or remote with respect to the file. A local user is

logged onto the node on which the file resides. A remote user is logged on to a

different node in the same network.

A remote accessor of a node can become a local accessor by running a TACL process

in the remote node and logging on. For example, if remote passwords are established

so that user ADMIN.BILL at \WEST can access node \EAST, ADMIN.BILL can issue

the following commands:

1> \east.tacl

TACL 1> logon admin.bill

Password:

ADMIN.BILL is now logged on as the local ADMIN.BILL on node \EAST. Therefore,

ADMIN.BILL can access disk files on \EAST owned by ADMIN.BILL even if they are